Cisco Support Community

Remote Access VPN on an ASA that Authenticates against a Remote LDAP server through a site to site VPN.

I've got a question here that I don't know the answer to off hand.

I've got a remote site that is a small office. There are no servers (Active Directory) at that site, though there is a local file store. The site has a l2l tunnel back to HQ, where they get active directory services. Is there any way to have a remote access VPN authenticate against the remote LDAP server group through the VPN?

I can make an LDAP server group, but when I assign an interface, that's where I get stuck.  It's obviously not on the inside interface, as the servers don't reside in that subnet.  If I choose the outside interface, the ASA will look for the private IP on that side, and not find it because it doesn't seem to send that off to the remote site.

Is there something that can be configured so the ASA recognizes that it needs to send it through the VPN?


Re: Remote Access VPN on an ASA that Authenticates against a Rem

I don't see any reason that it shouldn't work. The following has to be done:

1) Specify the LDAP with the outside interface

2) Make sure you have a route to the network of the LDAP-server pointing to your WAN-router or your provider.

3) Include your public IP in the crypto ACL, as the LDAP traffic will originate from the public IP of the ASA.


-- Don't stop after you've improved your network! Improve the world by lending money to the working poor:
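
The three steps from the reply above, written out as an ASA configuration sketch. This is an added example, not part of the original thread; every address, the group name LDAP_HQ, the ACL name L2L_TO_HQ, and the directory DNs are constructed placeholders.

```cisco
! Constructed values (assumptions, not from the thread):
!   ASA outside (public) IP   203.0.113.2
!   WAN router / next hop     203.0.113.1
!   HQ LDAP server            10.10.0.10 in 10.10.0.0/24
!   LDAP_HQ and L2L_TO_HQ are hypothetical names

! Step 1: LDAP server group bound to the outside interface
aaa-server LDAP_HQ protocol ldap
aaa-server LDAP_HQ (outside) host 10.10.0.10
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>

! Step 2: route to the LDAP server's network via the WAN next hop
! (an existing default route on outside already satisfies this)
route outside 10.10.0.0 255.255.255.0 203.0.113.1

! Step 3: add the ASA's own public IP as a source in the crypto ACL
! that the existing L2L crypto map already references
access-list L2L_TO_HQ extended permit ip host 203.0.113.2 host 10.10.0.10

! Checks once the tunnel has renegotiated
test aaa-server authentication LDAP_HQ host 10.10.0.10 username <user> password <password>
show crypto ipsec sa
```

The HQ peer needs the mirrored crypto ACL entry (LDAP server to the remote ASA's public IP), otherwise the new security association will not come up and the LDAP queries leave the outside interface unprotected or get dropped.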